APPS/pkeyutl: strengthen error message on too long sign/verify input
authorDr. David von Oheimb <dev@ddvo.net>
Tue, 29 Oct 2024 18:41:02 +0000 (19:41 +0100)
committerDr. David von Oheimb <dev@ddvo.net>
Mon, 4 Nov 2024 09:19:04 +0000 (10:19 +0100)
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22910)

apps/pkeyutl.c

index 30a4259fe46e63fffefa12ae61e8e3315e6eafbe..ca2575bc179cbe0eb3e45c2d020f1f0a228c7461 100644 (file)
@@ -490,12 +490,14 @@ int pkeyutl_main(int argc, char **argv)
 
     /* Sanity check the input if the input is not raw */
     if (!rawin
-            && buf_inlen > EVP_MAX_MD_SIZE
-            && (pkey_op == EVP_PKEY_OP_SIGN
-                || pkey_op == EVP_PKEY_OP_VERIFY)) {
-        BIO_printf(bio_err,
-                   "Error: The input data looks too long to be a hash\n");
-        goto end;
+        && (pkey_op == EVP_PKEY_OP_SIGN || pkey_op == EVP_PKEY_OP_VERIFY
+            || pkey_op == EVP_PKEY_OP_VERIFYRECOVER)) {
+        if (buf_inlen > EVP_MAX_MD_SIZE) {
+            BIO_printf(bio_err,
+                       "Error: The non-raw input data length %d is too long - max supported hashed size is %d\n",
+                       buf_inlen, EVP_MAX_MD_SIZE);
+            goto end;
+        }
     }
 
     if (pkey_op == EVP_PKEY_OP_VERIFY) {
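Review bot: The new `|| pkey_op == EVP_PKEY_OP_VERIFYRECOVER` line applies the digest-size limit to an operation whose input is, per the pkeyutl documentation, the signature itself rather than a hash, so any signature longer than `EVP_MAX_MD_SIZE` bytes (an ordinary RSA signature, for instance) would presumably be rejected before verification is attempted. Unless a later part of pkeyutl_main, which continues outside this hunk, handles that case, the condition should stay `&& (pkey_op == EVP_PKEY_OP_SIGN || pkey_op == EVP_PKEY_OP_VERIFY)) {`. The new message prints `buf_inlen` with `%d`; its declaration is not visible here, so confirm it is an `int` and not a `size_t`. A one-line comment such as `/* for sign/verify the non-raw input is a digest, so it cannot exceed EVP_MAX_MD_SIZE */` would also make the reason for the limit explicit.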